In an interview with Bloomberg, National Security Advisor Jake Sullivan once again reiterated the importance of the Chinese cyber threat to American national security.[1] A message directed to Beijing, of course, but also to the incoming administration, a week after taking office. Sullivan spoke of "dramatic attacks in terms of scope and size", like the one revealed by the Washington Post last August: nine telecommunications companies, including Verizon and AT&T, compromised by Chinese intelligence.[2] An extremely sophisticated operation by Beijing's cyber-spies, who silently obtained the power to "geolocate millions of individuals and record their phone calls at will". Perhaps even those of politicians and government officials, who were hastily invited by the Cybersecurity and Infrastructure Security Agency (CISA) to adopt end-to-end encrypted communication systems. An unprecedented disaster for American national security, a masterstroke for Chinese intelligence.
This success clearly highlights Beijing's capabilities in the cyber domain, and in particular those of its main intelligence service, the Ministry of State Security (MSS), which is essential to keeping President Xi Jinping in power. Throughout Xi's presidency, in fact, the role of the MSS has gradually strengthened. This is undoubtedly due to a framework of draconian reforms in the fields of intelligence and of national and cyber security, but also to the anti-corruption purges that have affected top party officials and Chinese military leaders, making room for a new ruling class more inclined to embrace President Xi's policies and global ambitions.
In the field of cyberespionage, the MSS has enjoyed virtually unparalleled freedom in the exercise of its functions. Appointed standard-bearer of cyber policies by the party establishment, the MSS operates through a vast network of government agencies, companies and universities that, in a connivance sealed in the name of national security, offer Chinese intelligence the ways and means to achieve its goals. According to estimates by Orange Cyberdefense, this network amounts to the impressive number of over 300 organizations, including the cybersecurity market, which in China is worth over 20 billion dollars.[3]
Resources of this kind have allowed the MSS to mature its capabilities over time, moving from unsophisticated and "noisy" intrusions to a structured system of intelligence data collection. It is the result of intense work by the MSS that began between 2016 and 2017, when it took on the role of leading Chinese intelligence activities. Among the targets are undoubtedly large American companies, from industrial giants to big tech, but also small and medium-sized businesses, even lawyers and accountants, who offer specialized services to sensitive targets and may hold valuable information about them. Systematically organized, this information can offer a broader perspective on the chosen targets.
Furthermore, the MSS can draw on a potentially larger pool of vulnerabilities than foreign intelligence agencies. It is the result of a cybersecurity law which imposes the obligation to report the discovery of any bugs exclusively to the Ministry of Industry and Information Technology (MIIT). A treasure trove in which precious unknown vulnerabilities (zero-days) with great tactical potential could be hidden: according to Orange Cyberdefense estimates, between 2023 and 2024 Chinese intelligence contributed 41% of the zero-days of high or very high criticality identified by the company, a figure that demonstrates the enormous threat posed by China at this precise moment in history.
Cyberespionage is a threat which, while worrying, does not scare Washington as much as the real catastrophe Sullivan revealed. In his exact words, "[a] real possibility that China will actually use cyber means to physically disrupt or destroy critical infrastructure in the United States". A prospect that, according to the secretary of homeland security, was deterred by the threat of "serious consequences" in talks with Chinese counterparts, described as "coherent and long-lasting".
The new Chinese strategy would consist of an adaptation to the cyber domain of the concept of "operational preparation of the combat environment" (operational preparation of the environment), defined as "the conduct of activities in potentially operational areas in order to create the conditions for the execution of missions".[4] In other words, what Chinese intelligence plans to do is to infiltrate the computer systems of sensitive targets in strategic contexts and in areas of potential friction with US forces, in order to make their operations difficult in the event of war.
A clear example of this is the attempted intrusion into the information systems of the Port of Houston (Texas) in September 2021. It took just 31 seconds for Chinese intelligence to compromise the port network and access a server used by employees for password recovery. They came away with a file of encrypted keys before cybersecurity personnel neutralized the threat. Had it gone differently, Chinese cyber-spies could have gained valuable positions within the network, allowing for possible disruptive or even destructive operations.[5]
But the Chinese strategy is not new to Washington's cyber-spies. Indeed, the first to use it, against Russia, was CYBERCOM, during the 2018 midterm elections (during the Trump administration). Called upon to defend democracy, Washington's cyber-spies worked to isolate the infamous Russian troll farm Internet Research Agency, a creation of Yevgeny Prigozhin. Not satisfied, they went further and placed logic bombs inside the computer networks of Russian power plants. The goal: to create a cyber deterrent to keep Russian hands well away from American internal politics, even at the cost of diplomacy. As if that were not enough, the American preventive positioning took place without the knowledge of Trump, who a few years earlier had removed the guardrails imposed by Obama on CYBERCOM to avoid a new Stuxnet case, including the need for presidential clearance.[6]
This important dossier will soon pass into the hands of Mike Waltz, a Republican hawk who has floated the possibility of increasing offensive capabilities (and, perhaps, even their use) in the cyber domain, for the sake of U.S. national security. Asked by Breitbart about the Chinese threat, he claimed he wanted to respond in kind to Beijing's "operational preparedness": "logic bombs" in Chinese ports and power grids, in order to "lower tensions" and bring China around to a more moderate stance.[7]
The rhetoric used by Waltz is that of the Cold War, and at least on the surface it reveals a lack of the depth of thought necessary to address the issue. He fears a dangerous game of chicken in the name of strategic deterrence, without considering the risks of such a policy for American national security. As Democratic Senator Chris Murphy has pointed out, talking about a Cold War with China is like mixing "apples and oranges." The United States, although competing on several fronts, enjoys "vital" trade relations with the Asian power. A zero-sum game, made up of economic and cyber wars, is not viable for either side.
The coming months will be crucial to determine whether Waltz's strategy will be as successful as hoped, and whether it will reduce tension between the two great powers in cyberspace. Looking back, precedents suggest a return to engagement in the cyber domain by the Trump administration (supported by Waltz's statements), with the prospect that the cyber issue could become an important card to play in possible talks with the Chinese counterpart. A less plausible alternative is the continuation of Biden's strategy on cyber security, made up of rules, collaboration between all parts of society (government, companies and individuals) and shared intelligence. Finally, it remains to be hoped that the two great powers will succeed in their intent to defend their national interest while keeping the collective one in mind, so as not to bring the world one second closer to midnight.
[1] National Security Advisor Jake Sullivan Sits Down With Bloomberg. Bloomberg. 13/01/2024. https://www.youtube.com/watch?v=QQTGizZLtUo.
[2] AT&T, Verizon targeted by Salt Typhoon cyberespionage operation, but networks secure. Misra, S., Shepardson, D. Reuters. 29/12/2024. https://www.reuters.com/technology/cybersecurity/chinese-salt-typhoon-cyberespionage-targets-att-networks-secure-carrier-says-2024-12-29/.
[3] The hidden network: How China unites state, corporate, and academic assets for cyber offensive campaigns. Orange Cyberdefense. 24/11/2024. https://www.orangecyberdefense.com/global/blog/cert-news/the-hidden-network-how-china-unites-state-corporate-and-academic-assets-for-cyber-offensive-campaigns.
[4] Title 10 of the United States Code. USC Art. 127f: Expenditure of funds for clandestine activities that support operational preparation of the environment and non-conventional assisted recovery capabilities. https://uscode.house.gov/view.xhtml?req=(title:10%20section:127f%20edition:prelim)%20OR%20(granuleid:USC-prelim-title10-section127f)&f=treesort&edition=prelim&num=0&jumpTo=true.
[5] How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons. The Wall Street Journal. 12/01/2025. https://www.tovima.com/wsj/how-chinese-hackers-graduated-from-clumsy-corporate-thieves-to-military-weapons/.
[6] Anticipating Trump's influence on US Cyber Command. Singh, V. International Institute for Strategic Studies. 14/01/2024. https://iiss.org/cyber-power-matrix/anticipating-trumps-influence-on-us-cyber-command/.
[7] Mike Waltz to Clean Out Deep Staters from National Security Council: 'We're Taking Resignations at 12:01' on January 20. Breitbart. 09/12/2025. https://www.breitbart.com/politics/2025/01/09/exclusive-mike-waltz-clean-out-deep-staters-from-national-security-council-were-taking-resignations-1201-january-20/.